package com.stripe.android.stripe3ds2.transaction;

import Db.C1401d;
import Jk.a;
import Jk.b;
import Oc.a;
import Oc.n;
import Oc.o;
import Oc.p;
import Pc.d;
import Pc.f;
import Rc.k;
import Vk.C2835a;
import Vk.c;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.KeyTypeException;
import com.stripe.android.stripe3ds2.observability.ErrorReporter;
import ed.C4426a;
import ed.C4427b;
import ed.C4431f;
import ed.C4432g;
import ed.C4433h;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import javax.crypto.SecretKey;
import kotlin.Unit;
import kotlin.collections.a;
import kotlin.jvm.internal.C5205s;
import kotlin.jvm.internal.DefaultConstructorMarker;
import org.json.JSONException;
import org.json.JSONObject;
import xk.k;
import xk.l;
import yk.q;
import yk.z;

/* compiled from: JwsValidator.kt */
/* loaded from: classes7.dex */
/**
 * Validates a compact JWS and returns its payload as JSON.
 *
 * <p>In live mode the X.509 chain carried in the JWS header must build a PKIX path to one of
 * the configured root certificates, and the signature must verify with the public key of the
 * first certificate in that chain. Outside live mode validation is relaxed; see
 * {@link #getPayload(String)} for what is and is not checked there.
 *
 * <p>This listing is JADX output for JwsValidator.kt. Several identifiers are obfuscated and a
 * few constructs (raw {@code new Exception}, the try/catch shape in
 * {@link #isCertificateChainValid}) look like decompilation artifacts, so comments below are
 * hedged wherever the original intent cannot be read off the code.
 */
public final class DefaultJwsValidator implements JwsValidator {
    public static final Companion Companion = new Companion(null);
    // Sink for non-fatal findings (unexpected JWK in the header, chain validation failures).
    private final ErrorReporter errorReporter;
    // When false, getPayload does not anchor trust in rootCerts (see getPayload).
    private final boolean isLiveMode;
    // Trust anchors used for chain validation in live mode.
    private final List<X509Certificate> rootCerts;

    /* compiled from: JwsValidator.kt */
    /* loaded from: classes7.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /**
         * Builds a PKIX certification path from the first certificate of the header chain to
         * one of the given root certificates; {@code CertPathBuilder.build} throws when no
         * such path exists, and that exception is the failure signal for callers.
         *
         * <p>Revocation checking is switched off below, so a certificate that has been revoked
         * by its issuer still produces a valid path here.
         * NOTE(review): confirm revocation is covered elsewhere or is an accepted risk.
         *
         * @param list  certificate chain from the JWS header (presumably Base64 DER entries
         *              that {@code C4432g.a} parses into X509Certificate objects; confirm)
         * @param list2 root certificates to use as trust anchors
         */
        /* JADX INFO: Access modifiers changed from: private */
        public final void validateChain(List<? extends C4426a> list, List<? extends X509Certificate> list2) throws GeneralSecurityException, IOException, ParseException {
            LinkedList a10 = C4432g.a(list);
            // Trusted certificate entries of this key store become the PKIX trust anchors.
            KeyStore createKeyStore = createKeyStore(list2);
            X509CertSelector x509CertSelector = new X509CertSelector();
            // Target of the path build is the first certificate of the chain.
            x509CertSelector.setCertificate((X509Certificate) a10.get(0));
            PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(createKeyStore, x509CertSelector);
            // No CRL/OCSP lookup is performed for any certificate on the path.
            pKIXBuilderParameters.setRevocationEnabled(false);
            // The header chain itself is offered as the pool of intermediates.
            pKIXBuilderParameters.addCertStore(CertStore.getInstance("Collection", new CollectionCertStoreParameters(a10)));
            CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
        }

        /**
         * Creates an empty in-memory key store of the platform default type and adds every
         * root certificate to it under the alias {@code ca_<index>}.
         *
         * @param rootCerts certificates to store as trusted entries
         * @return the populated key store
         */
        public final KeyStore createKeyStore(List<? extends X509Certificate> rootCerts) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
            C5205s.h(rootCerts, "rootCerts");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null, null) initialises the store without reading any file.
            keyStore.load(null, null);
            int i = 0;
            for (Object obj : rootCerts) {
                int i10 = i + 1;
                // Index overflow guard emitted for an indexed loop (q.l() presumably throws; confirm).
                if (i < 0) {
                    q.l();
                    throw null;
                }
                keyStore.setCertificateEntry(String.format(Locale.ROOT, "ca_%d", Arrays.copyOf(new Object[]{Integer.valueOf(i)}, 1)), rootCerts.get(i));
                i = i10;
            }
            return keyStore;
        }

        /**
         * Rejects the unsecured algorithm and returns a copy of the header with one field
         * dropped.
         *
         * <p>The copy passes {@code null} in the constructor slot between fields
         * {@code f13033h} and {@code f13034j}; {@code isValid} tests the header's {@code i}
         * field and reports it as "a JWK", so the dropped slot is presumably the embedded JWK
         * (confirm against the library's header constructor). The final {@code null} argument
         * is also not copied from the input.
         *
         * @throws IllegalArgumentException if the header algorithm name equals that of
         *         {@code a.f13025c} (the "none" algorithm, per the message)
         */
        public final o sanitizedJwsHeader$3ds2sdk_release(o jwsHeader) {
            C5205s.h(jwsHeader, "jwsHeader");
            n nVar = (n) jwsHeader.f13028b;
            // An "alg":"none" token carries no signature and must never be accepted.
            if (nVar.f13026b.equals(a.f13025c.f13026b)) {
                throw new IllegalArgumentException("The JWS algorithm \"alg\" cannot be \"none\"");
            }
            return new o(nVar, jwsHeader.f13029c, jwsHeader.f13030d, jwsHeader.f13031e, jwsHeader.f13033h, null, jwsHeader.f13034j, jwsHeader.f13035k, jwsHeader.f13036l, jwsHeader.f13037m, jwsHeader.f13038n, jwsHeader.f13112p, jwsHeader.f13032f, null);
        }
    }

    /**
     * @param z10           live-mode flag; stored as {@code isLiveMode}
     * @param rootCerts     trust anchors for chain validation in live mode
     * @param errorReporter receiver for non-fatal validation findings
     */
    /* JADX WARN: Multi-variable type inference failed */
    public DefaultJwsValidator(boolean z10, List<? extends X509Certificate> rootCerts, ErrorReporter errorReporter) {
        C5205s.h(rootCerts, "rootCerts");
        C5205s.h(errorReporter, "errorReporter");
        this.isLiveMode = z10;
        this.rootCerts = rootCerts;
        this.errorReporter = errorReporter;
    }

    /**
     * Base64-decodes the given string and parses the bytes as an X.509 certificate.
     *
     * <p>Everything from the first statement up to the {@code CertificateFactory} call is a
     * Base64 decoder that appears to have been inlined into this method (the error messages
     * are those of a general-purpose Base64 decoder); it is left byte-identical here.
     *
     * @param str Base64 text of one certificate
     * @return the parsed certificate, or {@code null} if the factory returns a certificate
     *         that is not an {@code X509Certificate}
     * @throws IllegalArgumentException if the input is not well-formed Base64
     */
    private final X509Certificate certificateFromString(String str) {
        int i;
        int i10;
        a.b bVar;
        int i11;
        int i12;
        a.C0110a c0110a;
        int i13;
        // Decoder configuration object: f9091a selects the decode table, f9092b is the
        // lenient-symbol flag (z10 below), f9093c is the padding option.
        a.C0110a c0110a2 = Jk.a.f9090d;
        int length = str.length();
        c0110a2.getClass();
        int i14 = 0;
        // Presumably a bounds check on (startIndex, endIndex, size); confirm.
        a.C0817a.a(0, length, str.length());
        String substring = str.substring(0, length);
        C5205s.g(substring, "substring(...)");
        byte[] bytes = substring.getBytes(c.f18938d);
        C5205s.g(bytes, "getBytes(...)");
        int length2 = bytes.length;
        a.C0817a.a(0, length2, bytes.length);
        int i15 = 8;
        int i16 = -2;
        int i17 = 1;
        // When set, symbols outside the alphabet are skipped instead of rejected (see the
        // "Invalid symbol" branch below).
        boolean z10 = c0110a2.f9092b;
        // --- Step 1: compute the decoded size i10 from the number of significant symbols. ---
        if (length2 == 0) {
            i10 = 0;
        } else {
            if (length2 == 1) {
                throw new IllegalArgumentException(Ac.a.f(length2, "Input should have at least 2 symbols for Base64 decoding, startIndex: 0, endIndex: "));
            }
            if (z10) {
                // Lenient mode: count only symbols with a non-negative table value and stop
                // at the first pad marker (table value -2).
                i = length2;
                int i18 = 0;
                while (true) {
                    if (i18 >= length2) {
                        break;
                    }
                    int i19 = b.f9094a[bytes[i18] & 255];
                    if (i19 < 0) {
                        if (i19 == -2) {
                            i -= length2 - i18;
                            break;
                        }
                        i--;
                    }
                    i18++;
                }
            } else if (bytes[length2 - 1] == 61) {
                // 61 is '='; discount one or two trailing pad characters.
                i = length2 - 1;
                if (bytes[length2 - 2] == 61) {
                    i = length2 - 2;
                }
            } else {
                i = length2;
            }
            // Each symbol carries 6 bits.
            i10 = (int) ((i * 6) / 8);
        }
        byte[] bArr = new byte[i10];
        int[] iArr = c0110a2.f9091a ? b.f9095b : b.f9094a;
        int i20 = -8;
        int i21 = 0;
        int i22 = 0;
        // i23 tracks the bit position of the partially assembled byte; it starts at -8, the
        // value at which the four-symbol fast path below is eligible.
        int i23 = -8;
        // --- Step 2: decode. i21 is the read index, i14 the write index, i22 the pending bits. ---
        while (true) {
            int i24 = i17;
            bVar = c0110a2.f9093c;
            int i25 = i15;
            if (i21 >= length2) {
                i11 = i16;
                i12 = 0;
                break;
            }
            if (i23 != i20 || (i13 = i21 + 3) >= length2) {
                c0110a = c0110a2;
            } else {
                // Fast path: combine four symbols into 24 bits; a negative result means at
                // least one symbol was not a plain alphabet character, so fall through to
                // the single-symbol path without consuming anything.
                c0110a = c0110a2;
                int i26 = i21 + 4;
                int i27 = (iArr[bytes[i21 + 2] & 255] << 6) | (iArr[bytes[i21] & 255] << 18) | (iArr[bytes[i21 + 1] & 255] << 12) | iArr[bytes[i13] & 255];
                if (i27 >= 0) {
                    bArr[i14] = (byte) (i27 >> 16);
                    int i28 = i14 + 2;
                    bArr[i14 + 1] = (byte) (i27 >> 8);
                    i14 += 3;
                    bArr[i28] = (byte) i27;
                    i17 = i24;
                    i15 = i25;
                    i21 = i26;
                    c0110a2 = c0110a;
                    i16 = -2;
                    i20 = -8;
                }
            }
            // Single-symbol path.
            int i29 = bytes[i21] & 255;
            int i30 = iArr[i29];
            if (i30 >= 0) {
                i21++;
                i22 = (i22 << 6) | i30;
                int i31 = i23 + 6;
                if (i31 >= 0) {
                    bArr[i14] = (byte) (i22 >>> i31);
                    i22 &= (i24 << i31) - 1;
                    i23 -= 2;
                    i14++;
                } else {
                    i23 = i31;
                }
                i17 = i24;
                c0110a2 = c0110a;
                i15 = 8;
            } else if (i30 == -2) {
                // Table value -2 marks the pad character; validate its position against the
                // pending-bit state and the configured padding option.
                if (i23 == -8) {
                    throw new IllegalArgumentException(Ac.a.f(i21, "Redundant pad character at index "));
                }
                if (i23 != -6) {
                    if (i23 != -4) {
                        if (i23 != -2) {
                            throw new IllegalStateException("Unreachable");
                        }
                    } else {
                        if (bVar == a.b.ABSENT) {
                            throw new IllegalArgumentException(Ac.a.f(i21, "The padding option is set to ABSENT, but the input has a pad character at index "));
                        }
                        // A second pad character is required in this state; in lenient mode
                        // symbols with table value -1 before it are skipped first.
                        int i32 = i21 + 1;
                        if (z10) {
                            while (i32 < length2) {
                                if (b.f9094a[bytes[i32] & 255] != -1) {
                                    break;
                                }
                                i32++;
                            }
                        }
                        if (i32 == length2 || bytes[i32] != 61) {
                            throw new IllegalArgumentException(Ac.a.f(i32, "Missing one pad character at index "));
                        }
                        i21 = i32 + 1;
                        i12 = i24;
                        i11 = -2;
                    }
                } else if (bVar == a.b.ABSENT) {
                    throw new IllegalArgumentException(Ac.a.f(i21, "The padding option is set to ABSENT, but the input has a pad character at index "));
                }
                i21++;
                i12 = i24;
                i11 = -2;
            } else {
                // Symbol outside the alphabet: fatal in strict mode, skipped in lenient mode.
                if (!z10) {
                    StringBuilder sb2 = new StringBuilder("Invalid symbol '");
                    sb2.append((char) i29);
                    sb2.append("'(");
                    C2835a.a(i25);
                    String num = Integer.toString(i29, i25);
                    C5205s.g(num, "toString(...)");
                    sb2.append(num);
                    sb2.append(") at index ");
                    sb2.append(i21);
                    throw new IllegalArgumentException(sb2.toString());
                }
                i21++;
                i17 = i24;
                i15 = i25;
                c0110a2 = c0110a;
            }
            i16 = -2;
            i20 = -8;
        }
        // --- Step 3: end-of-input consistency checks. ---
        if (i23 == i11) {
            throw new IllegalArgumentException("The last unit of input does not have enough bits");
        }
        if (i23 != -8 && i12 == 0 && bVar == a.b.PRESENT) {
            throw new IllegalArgumentException("The padding option is set to PRESENT, but the input is not properly padded");
        }
        if (i22 != 0) {
            throw new IllegalArgumentException("The pad bits must be zeros");
        }
        if (z10) {
            // Lenient mode: skip trailing symbols with table value -1.
            while (i21 < length2) {
                if (b.f9094a[bytes[i21] & 255] != -1) {
                    break;
                }
                i21++;
            }
        }
        if (i21 >= length2) {
            // All input consumed; the number of bytes written must match the size computed up front.
            if (i14 != i10) {
                throw new IllegalStateException("Check failed.");
            }
            Certificate generateCertificate = CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
            if (generateCertificate instanceof X509Certificate) {
                return (X509Certificate) generateCertificate;
            }
            return null;
        }
        // Data found after the pad character: reject.
        int i33 = bytes[i21] & 255;
        StringBuilder sb3 = new StringBuilder("Symbol '");
        sb3.append((char) i33);
        sb3.append("'(");
        C2835a.a(8);
        String num2 = Integer.toString(i33, 8);
        C5205s.g(num2, "toString(...)");
        sb3.append(num2);
        sb3.append(") at index ");
        throw new IllegalArgumentException(C1401d.h(sb3, i21 - 1, " is prohibited after the pad character"));
    }

    /**
     * Returns the public key of a certificate taken from the header's X.509 chain
     * ({@code z.H} presumably selects the first element; confirm).
     *
     * <p>The key originates from the JWS header, i.e. from the message being verified. It is
     * only meaningful after the same chain has passed {@link #isCertificateChainValid};
     * {@code isValid} performs that check before asking for a verifier.
     */
    private final PublicKey getPublicKeyFromHeader(o oVar) throws CertificateException {
        List<C4426a> list = oVar.f13037m;
        C5205s.g(list, "getX509CertChain(...)");
        PublicKey publicKey = C4433h.a(((C4426a) z.H(list)).a()).getPublicKey();
        C5205s.g(publicKey, "getPublicKey(...)");
        return publicKey;
    }

    /**
     * Selects a signature verifier from the header algorithm and the type of the header's
     * public key, and gives it the JCA provider that serves the matching
     * {@code SHA256withECDSA} / {@code SHA256withRSA} signature.
     *
     * <p>Each branch requires the key type that fits the algorithm family and throws
     * {@code KeyTypeException} otherwise. That pairing is what stops a certificate's public
     * key from being used with an algorithm of another family, for example as a MAC secret.
     *
     * @throws JOSEException if the algorithm is unsupported or the key type does not fit
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r4v13, types: [Pc.d] */
    /* JADX WARN: Type inference failed for: r4v9, types: [Pc.f] */
    private final Oc.q getVerifier(o oVar) throws JOSEException, CertificateException {
        Pc.c cVar;
        Qc.a aVar = new Qc.a();
        // n.f13101j is presumably the ECDSA P-256 algorithm constant; every other algorithm
        // resolves the RSA provider. Confirm against the library's algorithm constants.
        String str = C5205s.c((n) oVar.f13028b, n.f13101j) ? "SHA256withECDSA" : "SHA256withRSA";
        Tc.a aVar2 = aVar.f15442a;
        aVar2.f17757a = Signature.getInstance(str).getProvider();
        PublicKey publicKeyFromHeader = getPublicKeyFromHeader(oVar);
        Set<n> set = Rc.n.f16722d;
        n nVar = (n) oVar.f13028b;
        if (set.contains(nVar)) {
            // Algorithms that need a SecretKey. A PublicKey read from an X.509 certificate is
            // not expected to implement SecretKey, so this branch presumably always throws.
            if (!(publicKeyFromHeader instanceof SecretKey)) {
                throw new KeyTypeException(SecretKey.class);
            }
            cVar = new d((SecretKey) publicKeyFromHeader);
        } else if (Rc.q.f16726c.contains(nVar)) {
            if (!(publicKeyFromHeader instanceof RSAPublicKey)) {
                throw new KeyTypeException(RSAPublicKey.class);
            }
            cVar = new f((RSAPublicKey) publicKeyFromHeader);
        } else {
            if (!k.f16716c.contains(nVar)) {
                // NOTE(review): raw Exception does not match the throws clause and looks like a
                // decompilation artifact; confirm the real type in JwsValidator.kt.
                throw new Exception("Unsupported JWS algorithm: " + nVar);
            }
            if (!(publicKeyFromHeader instanceof ECPublicKey)) {
                throw new KeyTypeException(ECPublicKey.class);
            }
            cVar = new Pc.c((ECPublicKey) publicKeyFromHeader);
        }
        cVar.f16712b.f17757a = aVar2.f17757a;
        return cVar;
    }

    /**
     * Validates one parsed JWS against the given trust anchors.
     *
     * <p>Order of checks: (1) a non-null header field {@code i} is reported as an embedded
     * JWK but does not fail validation; (2) the header is sanitized, which rejects
     * {@code alg=none}; (3) the header's certificate chain must validate against
     * {@code list}; (4) the signature is verified with a key taken from the sanitized
     * header's chain.
     *
     * @param pVar parsed JWS object
     * @param list certificates to treat as trust anchors
     * @return {@code true} only if the chain validates and the signature verifies
     */
    private final boolean isValid(p pVar, List<? extends X509Certificate> list) throws JOSEException, CertificateException {
        boolean a10;
        // Reported only: the embedded key is not used, because the verifier below is built
        // from the sanitized header's certificate chain.
        if (pVar.f13113c.i != null) {
            this.errorReporter.reportError(new IllegalArgumentException("Encountered a JWK in " + pVar.f13113c));
        }
        Companion companion = Companion;
        o oVar = pVar.f13113c;
        C5205s.g(oVar, "getHeader(...)");
        o sanitizedJwsHeader$3ds2sdk_release = companion.sanitizedJwsHeader$3ds2sdk_release(oVar);
        // Chain must be trusted before its public key is used for anything.
        if (!isCertificateChainValid(sanitizedJwsHeader$3ds2sdk_release.f13037m, list)) {
            return false;
        }
        Oc.q verifier = getVerifier(sanitizedJwsHeader$3ds2sdk_release);
        synchronized (pVar) {
            AtomicReference<p.a> atomicReference = pVar.f13116f;
            if (atomicReference.get() != p.a.SIGNED && atomicReference.get() != p.a.VERIFIED) {
                throw new IllegalStateException("The JWS object must be in a signed or verified state");
            }
            try {
                try {
                    // Arguments: header, signing input bytes, signature.
                    a10 = verifier.a(pVar.f13113c, pVar.f13114d.getBytes(C4431f.f44587a), pVar.f13115e);
                    if (a10) {
                        pVar.f13116f.set(p.a.VERIFIED);
                    }
                } catch (JOSEException e10) {
                    throw e10;
                }
            } catch (Exception e11) {
                // NOTE(review): wrapping in raw Exception looks like a decompilation artifact of
                // a JOSEException wrapper; confirm.
                throw new Exception(e11.getMessage(), e11);
            }
        }
        return a10;
    }

    /**
     * Parses a compact JWS and returns its payload as a JSON object.
     *
     * <p>Live mode: the payload is returned only if {@code isValid} succeeds against the
     * configured {@code rootCerts}.
     *
     * <p>Non-live mode gives no authenticity guarantee:
     * <ul>
     *   <li>If the header has no X.509 chain, the payload is returned without any chain or
     *       signature check, and without the {@code alg=none} rejection (that check lives in
     *       the header sanitizer, which only {@code isValid} calls).</li>
     *   <li>Otherwise the certificates from the JWS header itself are passed to
     *       {@code isValid} as the trust anchors, so success shows only that the signature
     *       matches the embedded chain, not that the chain leads to a trusted root.</li>
     * </ul>
     * NOTE(review): {@code isLiveMode} comes from whoever constructs this validator; confirm
     * that production code paths always pass {@code true}.
     *
     * @param jws compact serialization with exactly three Base64URL parts
     * @throws ParseException if the number of parts is not three
     * @throws IllegalStateException if validation is attempted and fails
     */
    @Override // com.stripe.android.stripe3ds2.transaction.JwsValidator
    public JSONObject getPayload(String jws) throws JSONException, ParseException, JOSEException, CertificateException {
        C5205s.h(jws, "jws");
        C4427b[] a10 = Oc.f.a(jws);
        if (a10.length != 3) {
            throw new ParseException("Unexpected number of Base64URL parts, must be three", 0);
        }
        p pVar = new p(a10[0], a10[1], a10[2]);
        if (this.isLiveMode) {
            if (isValid(pVar, this.rootCerts)) {
                return new JSONObject(pVar.f13050b.toString());
            }
            throw new IllegalStateException("Could not validate JWS");
        }
        o oVar = pVar.f13113c;
        List<C4426a> list = oVar.f13037m;
        // Non-live mode, no chain in the header: payload is returned unverified.
        if (list == null || list.isEmpty()) {
            return new JSONObject(pVar.f13050b.toString());
        }
        List<C4426a> list2 = oVar.f13037m;
        C5205s.g(list2, "getX509CertChain(...)");
        // Non-live mode, chain present: the header's own certificates become the trust anchors.
        ArrayList arrayList = new ArrayList();
        Iterator<T> it = list2.iterator();
        while (it.hasNext()) {
            String str = ((C4426a) it.next()).f44584b;
            C5205s.g(str, "toString(...)");
            X509Certificate certificateFromString = certificateFromString(str);
            if (certificateFromString != null) {
                arrayList.add(certificateFromString);
            }
        }
        if (arrayList.isEmpty() || !isValid(pVar, arrayList)) {
            throw new IllegalStateException("Could not validate JWS");
        }
        return new JSONObject(pVar.f13050b.toString());
    }

    /**
     * Reports whether the header's certificate chain validates against the given roots.
     *
     * <p>As far as the decompiled code shows, the intent is: fail if the chain is null or
     * empty, fail if there are no roots, otherwise run {@code Companion.validateChain}; any
     * failure is sent to {@code errorReporter} and turned into {@code false}.
     *
     * <p>NOTE(review): the try/catch below is garbled by the decompiler (the try body holds
     * only an assignment, so the throws and the validateChain call are printed outside it).
     * It looks like a Kotlin result wrapper, with {@code xk.k.a} extracting the captured
     * throwable and {@code k.a} being the failure type; confirm against JwsValidator.kt
     * before relying on the exact exception behaviour.
     *
     * @param list      certificate chain from the JWS header; may be null
     * @param rootCerts trust anchors
     * @return {@code true} if no failure was captured
     */
    public final boolean isCertificateChainValid(List<? extends C4426a> list, List<? extends X509Certificate> rootCerts) {
        Object a10;
        List<? extends C4426a> list2;
        C5205s.h(rootCerts, "rootCerts");
        try {
            list2 = list;
        } catch (Throwable th2) {
            a10 = l.a(th2);
        }
        if (list2 == null || list2.isEmpty()) {
            throw new IllegalArgumentException("JWSHeader's X.509 certificate chain is null or empty");
        }
        // An empty anchor set must fail closed rather than skip the path build.
        if (rootCerts.isEmpty()) {
            throw new IllegalArgumentException("Root certificates are empty");
        }
        Companion.validateChain(list, rootCerts);
        a10 = Unit.f59839a;
        Throwable a11 = xk.k.a(a10);
        if (a11 != null) {
            this.errorReporter.reportError(a11);
        }
        return !(a10 instanceof k.a);
    }
}
